Requirements
Docker version 1.6.0 or later
1. Create the Docker registry data and configuration directories
sudo mkdir -p /opt/docker/registry/data
sudo mkdir -p /opt/docker/registry/conf
2. Create the registry container with its storage mounted at /opt/docker/registry/data
sudo docker run -d -p 5000:5000 \
-v /opt/docker/registry/data:/var/lib/registry \
--name docker-registry registry:2.6.2
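3. Add a user to the registry
apt-get install apache2-utils
htpasswd -c /opt/docker/registry/conf/docker-registry.htpasswd rennbon
After the first user has been added, leave out "-c" when adding further users, because -c creates the file anew and overwrites the existing one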
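4. Obtain an SSL certificate
There are many guides online for generating a certificate with openssl. I tried following them too, but docker login failed because of problems such as the certificate not being trusted, so here I mainly use letsencrypt to generate the certificate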
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto --help
Here I, as a beginner, ran into the following problem
OSError: Command /opt/eff.org/certbot/venv/bin/python2.7 - setuptools pkg_resources pip wheel failed with error code 2
"Solution"
pip uninstall virtualenv
pip install virtualenv
Generate a certificate for your own domain
./letsencrypt-auto certonly --standalone -d <HOST>
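After the command succeeds, the following directory appears:
/etc/letsencrypt/live/<HOST>
Then copy the public key (fullchain.pem) and the private key (privkey.pem) into the registry configuration directory created earlier. Alternatively, skip the copy and mount this directory directly in the Nginx proxy step below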
cp /etc/letsencrypt/live/<host>/fullchain.pem /opt/docker/registry/conf/docker-registry.crt
cp /etc/letsencrypt/live/<host>/privkey.pem /opt/docker/registry/conf/docker-registry.key
5. Docker Nginx proxy
sudo docker run -d \
-p 443:443 \
--name docker-registry-proxy \
-e REGISTRY_HOST="docker-registry" \
-e REGISTRY_PORT="5000" \
-e SERVER_NAME="<host>" \
--link docker-registry:docker-registry \
-v /opt/docker/registry/conf/docker-registry.htpasswd:/etc/nginx/.htpasswd:ro \
-v /opt/docker/registry/conf:/etc/nginx/ssl:ro \
containersol/docker-registry-proxy
6. Log in remotely to the Docker registry on the host
docker login <host>
Username:
Password:
Login Succeeded
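Step 2 publishes the registry with -p 5000:5000, which binds port 5000 on every host interface, so the registry stays reachable directly, without the password check and TLS that the Nginx proxy in step 5 adds. The following is an added example, not part of the original post: it scans docker ps output for such bindings; the sample lines and the names sample_ps, exposed_bindings and registry-local are constructed for illustration.

```shell
#!/bin/sh
# Added example: find containers whose backend port is published on a
# non-loopback host address, i.e. reachable without going through the proxy.

# exposed_bindings PORT
# Reads lines of `docker ps --format '{{.Names}}\t{{.Ports}}'` on stdin and
# prints "name<TAB>binding" for every host binding of container PORT/tcp
# that is not restricted to loopback. Port ranges are not handled.
exposed_bindings() {
    awk -F '\t' -v port="$1" '
    {
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++) {
            # Published ports look like HOSTIP:HOSTPORT->CPORT/proto.
            # A bare "5000/tcp" is only EXPOSEd inside Docker, not published.
            if (maps[i] !~ /->/) continue
            split(maps[i], side, "->")
            if (side[2] != (port "/tcp")) continue
            host = side[1]
            sub(/:[0-9]+$/, "", host)   # drop host port, keep bind address
            if (host == "127.0.0.1" || host == "[::1]" || host == "::1") continue
            print $1 "\t" maps[i]
        }
    }'
}

# Constructed sample of `docker ps --format '{{.Names}}\t{{.Ports}}'` output:
# the registry as started in step 2, the proxy from step 5, and a
# hypothetical registry bound to loopback only.
sample_ps() {
    printf 'docker-registry\t0.0.0.0:5000->5000/tcp, :::5000->5000/tcp\n'
    printf 'docker-registry-proxy\t0.0.0.0:443->443/tcp\n'
    printf 'registry-local\t127.0.0.1:5000->5000/tcp\n'
}

# On a real host:
#   docker ps --format '{{.Names}}\t{{.Ports}}' | exposed_bindings 5000
sample_ps | exposed_bindings 5000
```

The proxy connects to the registry over the container link, so step 2 also works without -p 5000:5000; if access from the host itself is needed, -p 127.0.0.1:5000:5000 keeps the port on loopback.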